At what point is the Automation Principals engaged and how does the RSCD Agent use regkey "HKLM\Software\BladeLogic\RSCD Agent\BladelogicRSCDUser" to create the domain account to provide automation on more then one Domain controller?

Ok, So what information do i need to read to understand how Automation Principals work? I need to be able to explain how the account authtenticats to the DC Server and why accounts are being created as defined in Reg_sz.

but the AP isn't creating anything or shouldn't be. for the UPM we use the BladeLogicRSCD account. when you install on a DC, that does create the account in the domain. and then all of the DCs use the same account when you run things against the agents. there's a problem w/ that - there are things that can cause the domain level account to get locked out due to failed authentication attempts. so there's a registry key ("HKLM\Software\BladeLogic\RSCD Agent\BladelogicRSCDUser") that lets you define another account name to use. so someone manually created that. and then on agent startup, the account name in that key will be created in the domain. so if you see BladeLogicRSCD_dcname, that means that someone went in and set that key and value on each of your DCs. i'm fairly certain we are not automatically setting that (we had talked about it though).

but this has nothing to do w/ the AP. so as long as UPM is still enabled on the DCs then either the account specified in that registry key, or 'BladeLogicRSCD' is going to be created in your domain when the agent starts on the DCs.